C2 Over HTTPS and DNS Tunneling
Detect beaconing patterns, domain generation algorithms, DNS-over-HTTPS C2, and HTTPS command channels.
C2 Communication Fundamentals
Command and Control (C2) is the channel through which attackers issue commands to compromised systems and receive data. Modern C2 blends with legitimate traffic to evade detection, using protocols (HTTPS, DNS) and infrastructure (CDNs, cloud services) that are difficult to block without collateral damage.
C2 Over HTTPS
HTTPS C2 wraps commands and responses in TLS-encrypted HTTP traffic. The beacon periodically polls a C2 server with GET requests; commands are returned in HTTP responses. Jitter (random variation in the beacon interval) breaks up the regular timing pattern that detection of synchronous beaconing relies on.
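A detection-side illustration of the jitter point above, as an added example that is not part of the original page: it scores how tightly the gaps between requests to one destination cluster around a period, so a jittered beacon is still flagged where a fixed-interval check misses it. The proxy records, host names and thresholds (`max_dispersion`, `min_period`) are constructed assumptions to be tuned against real traffic.

```python
from collections import defaultdict
from statistics import median

def sample_records():
    """Constructed proxy records: (epoch_seconds, client_ip, destination_host)."""
    records, t = [], 1000
    # Hypothetical beacon: 60 s base interval, each poll shifted by up to 12 s of jitter.
    for jitter in [0, 7, -11, 4, -3, 12, -8, 5, -6, 9, -12, 2]:
        t += 60 + jitter
        records.append((t, "10.0.0.5", "updates.example.net"))
    t = 1000
    # Interactive browsing: bursts of requests separated by long idle gaps.
    for gap in [2, 1, 340, 3, 1, 2, 95, 1, 610, 4, 2, 180]:
        t += gap
        records.append((t, "10.0.0.5", "news.example.org"))
    return sorted(records)

def intervals_by_pair(records, min_requests=10):
    """Group request times by (client, destination) and return the gaps between them."""
    times = defaultdict(list)
    for ts, client, dest in records:
        times[(client, dest)].append(ts)
    return {pair: [b - a for a, b in zip(seen, seen[1:])]
            for pair, seen in times.items() if len(seen) >= min_requests}

def is_fixed_interval(gaps, tolerance=1):
    """Naive check: every gap is within `tolerance` seconds of the first one."""
    return all(abs(g - gaps[0]) <= tolerance for g in gaps)

def dispersion(gaps):
    """Median absolute deviation of the gaps, relative to the median gap."""
    mid = median(gaps)
    return median(abs(g - mid) for g in gaps) / mid

def find_beacons(records, max_dispersion=0.25, min_period=10):
    """Flag pairs whose gaps cluster around a period of at least `min_period` seconds."""
    flagged = []
    for pair, gaps in intervals_by_pair(records).items():
        # The min_period test runs first, which also avoids dividing by a zero median.
        if median(gaps) >= min_period and dispersion(gaps) <= max_dispersion:
            flagged.append(pair)
    return flagged

if __name__ == "__main__":
    print(find_beacons(sample_records()))
```

The median-based score tolerates a few missed or delayed polls, but a wider jitter range pushes the dispersion up, so timing alone should be combined with other signals such as request size and destination rarity.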